
Malware and Adware

Q: Malware and Adware

Having problems with program wanting me to buy an antispyware to fix my computer and I have a program already.


A: Malware and Adware

Hello and welcome to BleepingComputer.

Let's see what we're dealing with here.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1, Link 2, Link 3, Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply

***************************************************

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

~Blade

In your next reply, please include the following:
Malwarebytes Log


Hello,
A few days ago I got some virus, which took all of my memory slowly and after 15 min. it releases it slowly. It prevents me to install any malware software, and use of it when I'm logged on.
It does allow me to go to safe mode and clean stuff from there, which doesn't help when I log on normally again. System is Win XP professional SP3. Please see my ComboFix log below if anyone can help me to solve my problem.
Thank you in advance,
Matjaz
ComboFix 11-10-08.01 - Matja? 08.10.2011 20:27:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.959.659 [GMT 2:00]
Running from: c:\documents and settings\Matja?\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matja?\My Documents\HijackThis.exe
c:\windows\$NtUninstallKB14177$\2256817183
c:\windows\$NtUninstallKB14177$\3265923636\@
c:\windows\$NtUninstallKB14177$\3265923636\click.tlb
c:\windows\$NtUninstallKB14177$\3265923636\L\hznbllxz
c:\windows\$NtUninstallKB14177$\3265923636\loader.tlb
c:\windows\$NtUninstallKB14177$\3265923636\U\@00000001
c:\windows\$NtUninstallKB14177$\3265923636\U\@000000c0
c:\windows\$NtUnins...

A: some malware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422516 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


http://ad.yieldmanager.com/st%3Fad_type

How do I get rid of this off of my computer...Someone please help me


here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:22 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\aswUpdSv.exe
D:\Program Files\Alwil Software\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\ashMaiSv.exe
D:\Program Files\Alwil Software\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\ashDisp.exe
D:\Program Files\Ace Explorer\Ace Explorer\Aexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Alwil Software\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gsmsandwich.com.ph/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\ashDisp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: avast!...


Hello,

I have numerous pop ups every time I start the internet. I have run a number of different virus scan and adware programs and have been told I have the following infections Adware.MaxSearch, Adware.SurfSidekick, Adware.PurityScan and Trojan.Adclicker. However, when I follow the instructions to clean any of these infections I do not have any of the files listed in the instructions or any of the registry values associated with them. I have attached the hijack this log, this is my first time posting so I apologize if I have done anything incorrectly.

Thank you for your assistance.
Denise

Logfile of HijackThis v1.99.1
Scan saved at 12:52:26 PM, on 21/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus...

A:Numerous Adware Issues Adware.maxsearch, Adware.surfsidekick, Adware.purityscan

Hello neecy22 and Welcome to BC!

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please move HijackThis to its own folder. We will not be able to fix your computer correctly and restore backups if you don't follow this directive.
Create a folder for Hijackthis on the C: drive called C:\HJT. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it HJT.
Navigate to C:\Documents and Settings\User\Local Settings\Temp\
Locate HijackThis.exe and right click on it, select cut, right click in the folder you just did create and select paste. Do the same for the backup folder.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Update AVG AntiSpyware ...


I get every five seconds a message on my computer with the text : Your computer is infected! Dangerous infection was detected on your pc. The system will now download and install most efficient antimalware program to prevent data loss and your private information theft. Click here to protect your computer from the biggest malware threats. -> But it don't help at all and when i remove SpywareStrike 2.5 it comes back when i restart my computer. He goes very slow to

Logfile of HijackThis v1.99.1
Scan saved at 14:28:17, on 3/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOW...

A: Spywarestrike 2.5 And Malware

Hi,

Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of ewido anti-malware here:
http://www.ewido.net/en/download/
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to c...


I can't remove a software called Tango through Windows control panel. It redirects to a site/message as in Tango.doc attached.
I followed the 'Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help' but had problems with the gmer.exe file - it opens, but Windows generated error message as shown in gmer-error.doc attached. I attached also the .txt log files from DDS.
Any help on this topic?
Thanks,
Gustavo

A: Tango Malware (?)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Here is the log from HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:39 PM, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\1E\SMSNomad\SMSNomadP2P.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\WQ8FEE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\AccelerometerSt....


Windows XP.

I have tried to scan my computer numerous times for both virus/malware trying different software programs AVG, Ad-aware, etc.. However every time I try, the scan after freezes, or computer dies (blue screen). It doesn't matter what software I use. It could freeze anywhere between 10 minutes and an hour after starting the scan. I currently just have AVG virus only on my computer. It would be nice to be able to scan my computer. Any ideas? This has been going on for quite some time now.

I don't know if this is related or not but I also cannot get a security update (Excel) installed on my computer. All other windows updates were completed.
 

A: cannot scan for virus/malware


Newbie Here

After several virus scans and anti-spy software runs I am still getting browser hijacks from party poker. What can I do next? Help.

This is my Log from Symantec,
Date Filename Threat Threat Type
6/18/2007 16:31 retadpu77.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 func.exe Trojan.Adclicker File

here is my hijack this log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:10:59 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files...

A: Help Virus, Malware, Hijacks

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {B39780D1-0EB1-43DA-B4AE-664E9732D345} - C:\Program Files\Windows Media Player\hokep43855.dll
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"



---------------


1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


I am new to this forum so I hope I am doing this right

Well where to start. I have run countless different malware adware and antivirus programs and they all catch some problems and remove them but they keep coming back. When I restarted my computer the other night I got an error message saying error loading c\eindows\ststem 32\kodoebu.dll I have looked for the file but it does not exist. When I try to delete it in my startup manager it keeps coming back. I have ran all the programs that I have in safe mode and for the most part come up clean, but as soon as I restart and run them it catches more problems. I am going to post my Hijack this log in hopes of getting this fixed. Thank you in advance.

malwarebytes find 3 things called trojan vondo or something
it deletes the one with the HKLM\..\Run: [dipehifage] Rundll32.exe " but it comes back after restart the other 2 say they will be deleted upon restart but aren't. i am going to also post my malwarebytes log file.
thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:06 AM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\s...

A: Malware Keeps coming back

Hello makemoney11 and welcome to BC. Let's see what we can find.

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the re...


Setting: Family members PC (Dell, WinXP, round 2 years old, specs ?)

Problem: Was running slow/partial lockups, had no AV, no AntiSpy, no software firewall for DSL (yeah perfect cluter-fudge waiting right there).

What I did: First ran Ad-Aware in safe mode (cause Normal was too slow/lockups). AW found bout 500 various unpleasantries & removed them (Note: it is a year old version that's on a disc I burnt, so it couldn't find all the newer "stuff" but should have helped enough to be able to d/l new version and scan in Normal mode). Then ran Registry Mechanic found some 500 "problems" and fixed them. Booted to Normal was still slow; with WMI errors every some 10 secs, and MS Money trying to "install" (ended up uninstalling that one). Attempted to install Norton AV '04 but opted not run pre-install scan. Norton then failed to install shortly after starting, so I rebooted, began install again but did the pre-install scan. Now the fun begins: after a 1 1/2 hour scan it found some 8000 files infected with W32.Pinfi virus. Norton repaired 3000 some files and deleted some 5000 files, installed rebooted, finished install, and then I updated Norton, rebooted and then after going into the main account, it kicked me out immediately to the select user account screen. I tried other accounts, same. Even tried safe mode, same. It's almost like I'm locked out of the comp. Was thinking of ERD commander and see if some of its tools could repair it ...

A: Virus/Malware Issue

Well my friend... Norton is not a good idea.

If norton hasn't totally corrupted windows yet by improperly removing files (or lack of), then you can try un-installing it and the old version of ad-aware and try running the latest version of kaspersky anti-virus personal pro + latest updates, in safe mode with no internet connection.
This will get rid of all the viruses / spyware / malware. Some files may still be corrupted from all the viruses but chances are most will be ok. After you've finished that put a proper firewall on it. I recommend Kaspersky Anti-Hacker, or ProtoWall + BlockList Manager.
 


Hello this is my first post.
Symptoms are, mouse out of control, random pop ups, programs won't start.

The following is my logs;

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:04:02 PM, on 15/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?ocid=OIE9HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ...

A: Windows 7 Malware/virus issue

Hello crusher101048, and Welcome to the forum!
My name is wannabeageek and I'll be helping you with any malware problems.
I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.
Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
The instructions being given are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
You must have Administrator rights, permissions for this computer.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
Absence of symptoms does not mean that everything is clear.
I am currently reviewing your l...


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-10 21:19:16
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{886DD...

A: Wallpaper Locked! Bugs! Malware! Help!

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------


i can't install sp2 or access my msn home page, only hotmail. mywebsearch, funweb search, isearch keep showing up on scans, also clean my pc and bestoffers won't let me uninstall. here is my hijack this log. i have run the suggested scans and anti virus- tha

Logfile of HijackThis v1.99.1
Scan saved at 2:51:53 PM, on 10/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\Rscmpt.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PE...

A:Can;t Install Sp2 Or Access Msn- Suspect Mallware

Hello johnnyw and welcome to the BC HijackThis forum. I do not see any of the items mentioned above in the log. Let's do a little cleaning and then go from there.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6FB72287-7980-4777-BF0C-1242A4CF3908} - C:\Program Files\ComPlus Applications\mebovik.dll (file missing)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in. Also run whatever scanner is showing the items mentioned in your post and post that log back here as well so I can see what is being reported and where it is being found.

Cheers.
OT

Read other 3 answers
RELEVANCY SCORE 42.8

hello i downloaded ytd downloader and got a few hits in the registry by adwcleaner. McAfee also picked up 2 trojans.
i scanned with tdss killer, malwarebytes antiroot kit, malwarebytes and zero infections. i have uninstalled new.net toolbar and ytd download from the system.

A:ytd download mallware and news.net toolbar

Were the hits related to YTD Video Downloader? YTD Video Downloader is a legitimate program hosted by popular download sites.

In some cases AdwCleaner may detect items related to legitimate programs...a search should always be performed first so the detections can be reviewed.

If the hits were related to News.Net Toolbar, ignore the above.

Did McAfee provide a log or a specific file(s) name associated with the malware threat(s) detected? If so, what was that name and where was it located (full file path) on your system?

Read other 12 answers
RELEVANCY SCORE 42.8

Hi, I am in a bit of a bind here... Leave it to dumb luck to get hijacked by malware as i am writing my thesis... due in ten short days... it is manageable but really slowing my machine down.. i tried to first run a Kaspersky scan but IE gets hijacked when it is running... any help would be very very very appreciated... thank you all for devoting your time to help people like me...
- joshs
... Read more

A:Hi... Please Help... Writing Thesis.. Mallware Hijack

Hi jotamon

Sorry for the delay in answering your post. Things are very busy here at the moment.

If you still need help could you please post back a new Hjt log.... things change so quickly and we need to see what's happening now.

Thanks

Read other 14 answers
RELEVANCY SCORE 42.8

Hello guys. I encountered this malware yesterday as I was browsing what I thought was a normal news site. I wonder if this is a "Christmas Present" others are receiving? It started giving me conflicting "virus detected" reports which I didn't know were real or AVG-related. I have AVG on my machine and ran it and it detected no problems. I have HijackThis software which I ran but am not knowledgeable enough to interpret the results. I've read several threads with this same topic but not sure if I should just follow those instructions or start a new thread. I'm running NT on a Compaq machine. Can someone help me please?

Edit: I should also mention that I had to run the System Restore option on my machine since when I attempted to boot it, and start windows, it immediately started some applications indicating that viruses were present on my machine. I restored it to the previous day and this eliminated that problem but the google redirect problem is still on my machine.

Thanks!

A:Google redirect mallware on my machine

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

Read other 2 answers
RELEVANCY SCORE 42.8

Thanks in advance!

Problem seemed to manifest after I download a torrent of an .avi file.

- computer restarts out of the blue
- mad amount of pop ups
- won't recognize USB flash device
- desktop background image w/ text "warning dangerous spyware following viruses were found on your computer: trojan horse, pass capture and etc. Your private information may be potentially transferred to third parties. Please, check the computer using advance software. Thanks."
- taskbar popup of "warning! computer is infected"
- ntdll64.exe error (send error report or don't send) on start up and at other various intervals.





... Read more

A:Help Needed W/ Trojan/Mallware Infection.

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am going over your logs now an... Read more

Read other 17 answers
RELEVANCY SCORE 42.8

Referred from here: http://www.bleepingcomputer.com/forums/t/298223/ive-been-hacked-i-think/ ~ OB

I'm sure I screwed up somewhere. Give me hell. I deserve it. Was I supposed to have uninstalled AVG?

A:Unknown Culprit Mallware or Virus etc.

hi, I looked at your other post. It looks like your blog may have been compromised, not your machine. Web sites can be hacked to dish out malware and/or redirects etc.

Read other 13 answers
RELEVANCY SCORE 42.8

Hello,

I was having an issue with malware called "Mallware Doctor." So I ran Malwarebytes and after the scan it found 2 Trojans. I removed them and it asked to restart my computer to complete the process. I clicked ok, then when it restarted the normal screen came up then just went black.

I have tried rebooting several times, I am able to hit F2 and get to setup. I can also hit F8, but when I make any selection after hitting F8 it either starts again with the black screen or if i select to start it in safe mode I get a bunch of white text saying That stops halfway through the screen.

Rob

Read other answers
RELEVANCY SCORE 42.8

Hi All,

I am hoping to get help with a problem I recently discovered. I am using Windows XP SP3 (Media Center Edition). I recently noticed my computer misbehaving, slowness, occasional pop-up from Super Anti-Spyware when browsing IE7. I started to look in the usual places like msconfig and current processes running and found a suspicious dll in the startup menu. The line in msconfig currently reads O4 - HKLM\..\Run: [Jrobibere] rundll32.exe "C:\WINDOWS\atadavakul.dll",e. I have tried several utilities to eradicate the dll without success. Here are the steps I have taken so far (both in standard and safe mode):

- Run CCleaner
- Run AD-Aware
- Run Search & Destroy
- Run Avira AntiVir
- Run SUPERAntispyware
- Run HijackThis

Running the above utilities does not get rid of the dll. The only app that seems to locate it is HijackThis. I try removing it via Hijack, but it comes immediately back after a re-scan. I also ran ProcessExplorer to look up the dll relation, and it seems to be hooked into Explorer.exe. I even went as far as running through a suggested Vundo fix solution, I saw on here months back. Still no luck. I am able to rename the dll, reboot, and successfully remove the dll. However the dll gets randomly renamed. The only thing that seems to stay the same is the "Jrobibere" name. Also I tried to remove the run key from the registry and it immediately comes back, even if Windows Restore is turned off. Below is my DDS resu... Read more

A:Possible virus/trojan/mallware in explorer.exe

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

Read other 22 answers
RELEVANCY SCORE 42.4

Hello all,

First, thank you all for this site and the work everyone puts into helping us out! Now to business, noticed last weekend google results were hijacked. Haven't been able to get rid of it. Also noticed Spybot wasn't working when I clicked on the shortcut - I changed the filename of the executable and it ran ok, but nothing has really picked up a problem, between Spybot and Avira. Here is my initial info per the Prep guide instructions:

Regards,
Mike Schneider
... Read more

A:Infected by Google Hijack Mallware/Virus:

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.

* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

Read other 20 answers
RELEVANCY SCORE 42.4

My computer starts up really slowly and lately the wireless speed starts out strong, then drops to a weaker signal. While browsing internet, malware windows pop-up. Here are the DDS logs:
... Read more

A:Computer slow, Mallware browser windows pop-up

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.

- Double click on RSIT.exe to run RSIT
- Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
- Click Continue at the disclaimer screen.
- Once it has finished, two lo... Read more

Read other 11 answers
RELEVANCY SCORE 42.4

Hello.

I just found this site after a quick search on google and read some of the other topics with the similar problems I have.

The messages I constantly have popping up out of the right hand corner and in the middle of the screen are:

1. [email protected]
2. [email protected]
3. black door antivirus
4. net [email protected]
5. spyware cyberlog-X
6. PSW.X-Vir

I am running a Windows XP system and have used superantispyware, ad-aware 07 and spybot and deleted whatever things they have come up with but the results are the same, these messages keep popping up.

I would have added a hijackthis log if I only know how and where to acquire one.
As you can see I am an amateur at this and any help you could give would be greatly appreciated.

Thanks in advance.
 

A:Solved: A bunch of trojans and mallware problems. Please Help!

Read other 16 answers
RELEVANCY SCORE 42.4

Hows it going? recently my computer started doing a whole bunch of things it has never done before and i think it all started with a program called outerinfo that appeared on my computer at the same time all this started happening. trend micro pc cillin internet security 14 came with my computer and is showing me about 10 infected files on my computer with various trojans. ive tried to manually delete and it says the file is in use or write protected. next 2 new icons appeared in my system tray that i do not trust. one is a red circle with an x in it. it says it is windows antivirus and i should download some spyware even though i already have it and i just downloaded AVG antispyware yesterday. the other icon is a yellow triangle with an exclamation point in it. when you hover the mouse over it, it says "your computer is infected"
i have a combofix and a hijackthis log. any help is very much appreciated. thank you.

... Read more

Read other answers
RELEVANCY SCORE 42.4

Dear all..
I have a problem with laptop for a couple of days and I believe that you can provide me some help. I tried to find some answers in similar topics but no luck.
Here is the story..

I had ESET NOD32 installed and it failed to start. Once, twice and all of the sudden it disappeared in sys tray where it was usually. So I tried to install an AVG but it failed to start some service. Firewall (sygate personal) also won't start...
I checked my connection and there was no local area connection! In device manager there are all exclamation marks on all network adapters.
On laptop there are Win XP SP3...

Any ideas?
Best wishes,
Milan

A:trojan/mallware or what? unable to install any antivirus

"there are all exclamation marks on all network adapters"

Somehow they have become corrupt. You need to replace them. What is the make and model number of the computer?

Read other 1 answers
RELEVANCY SCORE 42.4


Let's go straight to the point, I recently moved out from a place with bad neighbours (I even had a previous thread here about logons). Now what I fear is I was usually signing out of my account (admin) and closing the laptop (which I believe leaves it in hibernating state). Now I started to fear what if some USB flash was inserted while I was out? Now I know it can't take action while the laptop is locked but, let's assume, I start it and start working without noticing there is a USB inserted, will it immediately transmit and install anything without asking for permission? Will I at least see some loading pop-ups or could it install/infect me silently?

A:Installing spy mallware while laptop is sleeping or hybernating?

A file on a flash drive can not open itself.

Read other 2 answers
RELEVANCY SCORE 42

I had popups and searches redirected. Then the desktop disappeared and the screen turned white except for a screen saying to click to run a scan. I pulled the plug on the computer, booted in safe mode which allowed me to run combofix which gave control of the computer back to me. I ran DDS and root repeal. Logs are included. Thanks.
... Read more

A:Mallware, popups, search redirect, desktop dissapeared

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 17 answers
RELEVANCY SCORE 39.2

hi i'm new with this so please bear with me! this is the hijackthis log file, i hope this is the bit you need!

... Read more

A:HI help removing adware.purityscan adware.zquest and adware.safesearch many thanks

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please follow these instructions if you still need assistance.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
Please attach extra.txt to your post.


To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

Thank you for your patience.

Read other 4 answers
RELEVANCY SCORE 38

Hi, I need help removing malware. I have included online Panda scanner results and my HijackThis log.

This is from the online Panda scanner:

Incident                       Status             Location
Adware:adware/sqwire           Not disinfected    Windows Registry
Adware:adware/adbars           Not disinfected    Windows Registry
Dialer:dialer.xd               Not disinfected    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
Adware:adware/activesearch     Not disinfected    Windows Registry
Adware:adware/adblaster        Not disinfected    Windows Registry
Adware:adware/adsincontext     Not disinfected    Windows Registry

Here is my HijackThis log:
... Read more

A:Adware/sqwire, Adware/adbars, Adware/activesearch, Ect...

Hi uncompute, sorry for the delay.

Please download Combofix to your desktop.
Doubleclick ComboFix.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Note that some cleaning may require a reboot, so it won't be finished until that is done.
Post this log in your next reply along with a new HijackThis log.

Read other 1 answers
RELEVANCY SCORE 38


A:Infected With Adware Agent Bn (a.k.a Adware/videocach [panda], Adware.win32.agent.ci [kaspersky], Adwar)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum beaverbottoms
My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

Download Combofix and save to your desktop:
Note: It is important that it is saved directly t... Read more


I have run continuous Spyware Terminator and Spybot Search and Destroys and these keep popping up

Worm.Koobface-20
SPR/Tool.HIde.A
Virus.Sality.Y
Trojan.Inject.qyz

System Security 2009 is now for some strange reason on my desktop. I never installed it. It keeps trying to run on my system and tell me to buy it and everything....

In case the file I attached is messed, here is the HijackThis report

Please help! This is a crazy issue I have never seen before.

A: Major TROJAN and MALWARE ISSUE!! (Trojan.Inject.qyz, Worm.Koobface, Virus.Sality.Y)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Operating system: Windows XP pro (sp2 ?)
2 physical hard drives, each with 2 or 3 partitions.
C: 1st partition, mainly used for program files, although some important data is also located on that partition
Malware/virus attack included the following:
- Multiple advert windows opening up.
- Various warnings (about 17 infections) from AVG Free: Quarantined most, remainder needed restart. Unfortunately I did not take note of the specific virus id's.
- Windows security warnings popped up, although these got very confusing, as malware/virus was impersonating the Windows alerts, and produced a duplicate security shield in the taskbar.
One warning indicating AVG as unauthorised virus software with option to remove! I did ignore that one!
- Malware/virus installed some (rogue?) malware/virus software on the infected PC
- I tried to perform root scan with unhackme but machine froze (1st time)
- On restart warning window pops up: Google update not accessible? On both options (debug or close) machine froze.
When totally ignoring the Google warning box, Windows does appear to finish loading, however when going to my computer, the windows warning appears to the effect that on proceeding I will be accessing the system files. On proceeding all files and folders (including data & program files) appear to be system files, and the machine freezes.
- Machine freezes on all actions as far as I know
- Starting up in safe mode: machine freezes
- Starting up with last known safe configur...

A: Malware attack: XP freezes, safe mode freezes, file system poss corrupt, etc

bump
 


Hello,

So I've had this problem, shamefully, for many weeks and I've just gotten around to seeking help. The problem began when NOD32 popped up and said there was a threat on a website (can't remember what, and don't have a log). Afterwards my Internet Explorer would open up every couple of minutes by itself and direct me to random websites for products. Internet Explorer was not my primary browser.

I ran an in-depth scan with NOD32 and used SUPERAntiSpyware, and the popups stopped. The threats that were found and deleted (only by SUPERAntiSpyware):

Trojan.Vundo-Variant/small-gen
Trojan.Vundo-Variant/NEXTGen
Adware.Vundo Variant
Rogue.Component/Trace
And a lot of tracking cookies

Currently my computer still randomly slows down, my Desktop disappeared to a white screen with "Active Desktop Recovery," degraded-quality desktop icons, and a button that says "Restore Desktop," which doesn't work. Automatic Updates is always turned off, and won't stay on. Every time I use the Shift button below my Enter key, my computer beeps. Lastly, my fingerprint scanner on startup recognizes and approves my scan, but doesn't log me on: "Cannot log on user."

Scanning last night and today, these threats were found by both NOD32 and SUPERAntiSpyware:

C:\Qoobox\Quarantine\C\WINDOWS\system32\byyoykty.dll.vir - a variant of Win32/Adware.Virtumonde.NEE application
C:\Qoobox\Quarantine\C\WINDOWS\system...

A: Trojan.Vundo; Adware.Virtumonde; Adware.Facati? Operating memory.

Let's start with Malwarebytes...

Hi and welcome to BleepingComputer.

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed ...


I've been hit w/ some adware and I'm being attacked by adware.vundo and adware.ezula, which my Norton is fighting off. Please help!

Windows XP, Dell Dimension 8400 desktop.

My Hijack log file. Thanks!


A: [SOLVED] Attacked by adware.vundo and adware.ezula - Hijack log help needed.

Welcome to TSF

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


I have tried several different things to fix this computer and all I seem to do is get another infection. Thanks in advance. Here is my log:

A: Need Help With: Trojan.vundo,metajuan,dropper, Adware Purity, Adware Maxsearch

Since my last post, now my Symantec Antivirus will not auto protect.


On 4/2/10 I opened a "video" link from a friend on Facebook. The link was for a file at "y.o.y tube". At first I thought it legit, but immediately began having all kinds of pop up ads for "Best Anti-virus" and other assorted ads. I ran Malwarebytes and it deleted over 140 infections. Included in those were the names I listed in the "Topic Title" bar. Here is the Malwarebytes log:

A: Adware.MyWebSearch; worm.KoobFace; Adware.Hotbar; Trojan.Vundo

Hello

----------------------------------------------------------------------------------------------
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.
----------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Please include the C:\ComboFix.txt in your next reply for further review.


Hello,

I thank you in advance for the help you could provide me with to resolve the persistent issue of redirection to sites non related to the Google search links, www.thewebsitesurvey.com and www.yourinputsurvey.com

It all started after MBAM reports of successfully removing Adware.SmartShopper, Adware.Zwunzi and Spyware,MarketScore the system will show a notification that Windows will have to close because of a Plug and Play server unexpected .... and then it was a DCOM server issue and Windows will close immediately, so I opted for a system restore to a previous point as an immediate solution and those issues stopped. Following that the redirection to the mentioned above websites started. I found an article recommending a HijackThis diagnostics and at the Trend Micro website followed the recommendation to ask for assistance in a forum prior to trying to make any changes.

So here are the reports you request as per your instructions and I will be awaiting your valuable comments and recommendations and what to do with the HijackThis report I already ran.

Thanks!

A: Issues after removal of Adware.SmartShopper,Adware.Zwunzi,Spyware,MarketScore

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo...


A little over a week ago while cleaning up my friend's computer I found he had a bunch of installers in his downloads folder that were being labeled as "Install Core adware" which were able to install Android apps directly to Android phones/tablets without the usual Android security/install prompts.

I called another friend who's a web/PHP developer and we figured out that these installers were using a cross-site/cross-app request forgery attack against the Google Play Store. These "adware" installers are scanning PCs for Google login cookies and then taking data from the cookies and sending it to the Play Store to make it appear that you are using your web browser to view the Play Store and install Android Apps.

We also discovered these installers were able to install Chrome extensions without Chrome showing any security prompts. Some of the extensions that were being secretly installed pop ad windows/tabs, inject graphical and text ads on every page you are visiting. In some cases, these extensions were installed into Chrome (as well as Firefox and IE) without any disclosure at all. Vonterra "Safe" Ad was one of the extensions that installed with a search toolbar called MySearchDial which apparently is also from the company that makes these Install Core installers.

My friend and I emailed over a dozen reputable antivirus/antimalware companies all the information we had. Then I wa...


Hi,

My PC and iPod are infected with the below viruses
trojan.Hider.i ,
Worm.VB.nei ,
Adware.Generic
and Adware.BHO

I have scanned my desktop with the AVG AntiSpyware, but after scanning the Save report link was disabled, so I have taken some screenshots of the viruses information on the screen and am attaching it.
Apart from this, reports from other tools are below.

=================================================
********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
Wed 09/05/2007 23:10:42.77
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 23:10:42
Windows 5.1.2600
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software
disk error: C:\Documents and Settings\Asif Karim\ntuser.dat
scanning hidden files ...
hidden processes: 0
hidden files: 0



Symantec says it is quarantining, removing, or cleaning all of the threats but every time I reboot they appear again

A: Hijackthis Log - Trojan.vundo, Adware.ezula, Adware.purityscan

**smitfraudfix


Ok, so I can't use IE7 or Opera, FireFox is the only browser that works and so I decided to scan with Kaspersky's free tool and here is my report.... it found: adware not-a-virus:AdWare.Win32.Look2Me

I need the proper steps to remove this and also get my browsers working again. PLEASE HELP ME! lol thanks everyone for reading and hopefully the future help.

Link to my other post about the browser errors and the message it gives me.

Scan
----
Scanned: 366193
Detected: 1
Untreated: 0
Start time: 1/22/2008 3:36:13 PM
Duration: 03:01:29
Finish time: 1/22/2008 6:37:42 PM
Signatures published: 1/22/2008 11:43:50 AM
Detected
--------
Status Object
------ ------
deleted: adware not-a-virus:AdWare.Win32.Look2Me.e File: C:\Program Files\INITIO\Button Manager v1.874\inihid.exe

A: adware not-a-virus:AdWare.Win32.Look2Me PROBLEM


Hey guys first time poster. My friend clicked one of those AIM links which asks something along the lines "Is this a picture of you?"

Now he seems to have a bunch of performance issues, a popup problem, and when using internet explorer, the window will deselect or forms will be submitted prior to completion.

Here is the HJT report...


A: Adware.Latend, Spyware.ISearch, Adware.FFinder, and more!


I have been unable to log into any user in normal mode, it automatically logs off within a few seconds. I get several bad image dll errors anytime I try to open a program. Several programs have been disabled completely. The internet has been blocked, I can open IE but it will not connect. I am unable to print, a problem with the spooler. I can write to disc through Kodak Easyshare and Creative MediaSource but not any text documents. I have a previous post on the Am I Infected? Forum, I will try to post a link. I downloaded & ran SuperAntiSpyware & CCleaner prior to this problem due to a black WARNING screen and RealAntivirus Popups. I have run SuperAntiSpyware, SDFix & Malwarebytes' Anti-Malware in safe mode since then. The infections listed in the Topic Title are what was left in the 2nd scan by Malwarebytes.

I am aware that limewire is installed, my daughter was supposed to uninstall it. It will be the first thing to go once I get up and running.

A: Trojan.FakeAlert, Adware.VideoEgg, Adware.MyWebSearch

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...
